Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:D2193AA4-D7F5-44FD-8DB7-05ECC7E02117
HistoryMar 30, 2019 - 12:00 a.m.

CVE-2019-10655

2019-03-3000:00:00
attackerkb.com
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.924 High

EPSS

Percentile

98.7%

JSON

Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

packetstorm 2
cve 1
zdt 2
checkpoint_advisories 1
prion 1
rapid7blog 1
nessus 2
thn 1
mmpc 1
mssecure 1
packetstorm
packetstorm
Grandstream GXV31XX settimezone Unauthenticated Command Execution
2022-02-09 00:00:00
Grandstream GXV3175 Unauthenticated Command Execution
2022-01-20 00:00:00
cve
cve
CVE-2019-10655
2019-03-30 17:29:00
zdt
zdt
Grandstream GXV31XX settimezone Unauthenticated Command Execution Exploit
2022-02-09 00:00:00
Grandstream GXV3175 Unauthenticated Command Execution Exploit
2022-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Grandstream Multiple Products Authentication Bypass (CVE-2019-10655)
2021-01-25 00:00:00
prion
prion
Authentication flaw
2019-03-30 17:29:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-01-21 20:08:55
nessus
nessus
Multiple Command Injection Vulnerabilities in Grandstream Products
2019-04-19 00:00:00
Multiple Command Injection Vulnerabilities in Grandstream Products
2019-04-01 00:00:00
thn
thn
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.924 High

EPSS

Percentile

98.7%

JSON
Related for AKB:D2193AA4-D7F5-44FD-8DB7-05ECC7E02117
packetstorm2cve1zdt2checkpoint_advisories1prion1rapid7blog1nessus2thn1mmpc1mssecure1